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REMARKS 

This is in response to the Final Office Action mailed on April 1 2, 2005 in which claims 1 -26 
were rejected. With this Amendment, claims 1, 4-8, 10-12, 13, 15, 16, 18, and 23 are amended and 
claims 9 and 14 are canceled. Claims 1-8, 10-13, and 15-26 are pending in this application. 
Reversal of Multiple Platform Claim Amendments 

In the previous Amendment dated November 8, 2004 various claims were amended to 
explicitly recite multiple platforms. With this amendment, the prior claim amendments reciting multiple 
platforms have been reversed. 
Claim Rejections Under 35 U.S.C. S 103 

In the Office Action, claims 1-26 were rejected under 35 U.S.C. § 103(a) as being 
obvious over various combinations of Moriconi (U.S. Patent No. 6, 1 58,0 1 0), Andrews (U.S. Patent No. 
6,574,736), Boitana(U.S. Patent No. 5,305,456), Serbinis (U.S. Patent No. 6,3 14,425), Wobber (U.S. 
Patent No. 5,235,642), Wu (U.S. Patent No. 5,774,551), Kausik (U.S. Patent No. 6,263,446) and the 
knowledge of a person of ordinary skill in the art at the time of the invention. 

With this Amendment, independent claims 1,13, and 1 8 have been amended to bring the 
claims in line with features recited in claim 23 . With these amendments, the claims have been more directly 
focused on features relating to the security broker and security provider, the ways in which these features 
interact, and the functions that they perform. The prior art of record does not teach or suggest each and 
every one of these features, the functions that they perform, and the ways in which they interact with each 
other. 

One of the features now recited in the claims is a security provider that performs three 
functions: authentication, authorization, and receiving permissions requests from a security broker. The 
prior art does not disclose a security provider that performs these functions. Specific deficiencies of the 
prior art will now be discussed with reference to the security provider feature of the invention. 

The Office Action correctly states that neither Moriconi or Andrews teach a specific 
authentication means (for example: page 7, no. 14; page 10,no. 16; page 14,no.22). Since neither of 
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these references teach a specific authentication means, they do not teach or suggest a security provider that 
performs authentication. Rather, Moriconi merely makes a general statement that the Moriconi system 
would work with any authentication means. Moriconi does not specify that the function is performed by 
any particular portion of the system, and therefore does not teach or suggest a security provider that 
performs the function of authentication. 

Therefore, in order for the rej ection under § 1 03 to be maintained, the security provider 
that performs each of the specified functions must be taught or suggested by another reference. The other 
main reference relied upon in the Office Action was Boitana. However, Boitana does not teach or suggest 
a security provider that performs each of these functions. In the Office Action, the Examiner stated that 
Boitana does not teach or suggest a plurality of security brokers (Office Action page 1 7, no. 27). Because 
Boitana does not teach or suggest a plurality of security brokers, Boitana does not and could not teach or 
suggest a security provider for receiving permissions requests from a security broker. 

As can be seen, the claim amendments have also further clarified the role of the security 
broker in the present invention. The prior art does not teach or suggest a plurality of security brokers that 
perform the specified functions. The Office Action admits that Boitana does not explicitly teach a plurality 
of security brokers, but states that Moriconi discloses a means of authorizing users through a plurality of 
security brokers. (Page 1 7, no. 27.) Specifically, the office action cites to Moriconi where it states that 
"multiple authorizationengines 3 16 can be usedforadded performance and reliability." (Col. 11, lines 12- 
14.) These authorization engines, however, do not perform all of the functions of the security broker as 
recited by the claim. For example, the authorization engine does not route permissions requests to one of 
the security providers. The specific amendments made to each of the independent claims will now be 
briefly described. 

Claim 1 has been amended to recite that determining access rights comprises authenticating 
a computer user as a valid user with one of a plurality of security providers, authorizing the user to access 
one fo the secured resources with one of a plurality of security providers, and receiving permissions 
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requests from a security broker with one of the security providers. Since each and every feature of the 
claim are not taught or suggested by the prior art, claim 1 is in condition for allowance. 

Similarly, claim 1 3 has been amended to recite that determining access privileges comprises 
authenticating a user on the system with one of a plurality of security providers, authorizing access rights 
to the secured resources in the software application with one of a plurality of security providers, and 
receiving permissions requests from a security broker with one of the security providers. Since each and 
every feature of the claim are not taught or suggested by the prior art, claim 1 3 is in condition for allowance. 

Claim 1 8 has also been amended to recite a plurality of security providers for authenticating 
a computer user, authorizing permissions available to the computer user, and receiving permissions 
requests, each security provider having a security data store containing data related to authentication and 
authorization. It has also been amended to recite a plurality of security brokers for routing permissions 
requests to one of the security providers and for determining access rights to secured resources in the 
software application based on the permissions received from one of the security providers, each security 
broker having a data store containing data related to permissions authorized by one of the security 
providers. Since each and every feature of the claim are not taught or suggested by the prior art, claim 1 8 
is in condition for allowance. 

Claim 23 recites authenticating a computer user to a computer security provider, storing 
the result on the security broker, retrieving a surrogate identifier from the security broker, and authorizing 
the surrogate identifier to the computer security provider. The computer security provider returns surrogate 
permissions corresponding to the surrogate identifier, the surrogate permissions for determining access 
rights to secured resources in the software application according to the surrogate permissions. Since each 
and every feature of the claim are not taught or suggested by the prior art, claim 23 is in condition for 
allowance. 

Dependent claims 2-8, 10-12; 15-17; 19-22; and 24-26 depend from allowable 
independent claims 1,13,18, and 23 respectively. Therefore, these dependent claims are also allowable. 
Reconsideration and notice to that effect is respectfully requested. 
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Conclusion 

In view ofthe foregoing, this application containing pending claims 1-8, 10-13,and 15-26 
are in condition for allowance. Reconsideration and notice to that effect is respectfully requested. 
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